What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-29 19:08:06 | ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks (lien direct) | The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea. | APT 37 | ||
|
2021-11-29 17:47:10 | Unpatched Windows Zero-Day Allows Privileged File Access (lien direct) | A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. | |||
|
2021-11-29 16:37:16 | Shape-Shifting \'Tardigrade\' Malware Hits Vaccine Makers (lien direct) | Some security researchers say it's actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it's for real a scary morphic malware that changes its parts and recompiles itself. | Malware | ||
|
2021-11-25 16:02:38 | New Twists on Gift-Card Scams Flourish on Black Friday (lien direct) | Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday. | |||
|
2021-11-24 17:28:37 | 9.3M+ Androids Running \'Malicious\' Games from Huawei AppGallery (lien direct) | A new trojan called Android.Cynos.7.origin, designed to collect Android users' device data and phone numbers, was found in 190 games installed on over 9M Android devices. | |||
|
2021-11-24 16:16:12 | GoDaddy Breach Widens to Include Reseller Subsidiaries (lien direct) | Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. | |||
|
2021-11-24 15:55:50 | Apple\'s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker (lien direct) | Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes. | |||
|
2021-11-24 14:09:18 | Attackers Actively Target Windows Installer Zero-Day (lien direct) | Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. | |||
|
2021-11-23 21:09:04 | Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast (lien direct) | That's just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet's Derek Manky. | Ransomware | ||
|
2021-11-23 14:00:01 | How to Defend Against Mobile App Impersonation (lien direct) | Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this. | Malware | ||
|
2021-11-23 12:59:47 | Common Cloud Misconfigurations Exploited in Minutes, Report (lien direct) | Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes. | |||
|
2021-11-22 22:03:30 | GoDaddy\'s Latest Breach Affects 1.2M Customers (lien direct) | The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins. | |||
|
2021-11-22 20:13:09 | Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches (lien direct) | Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season. | |||
|
2021-11-22 19:26:25 | Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws (lien direct) | Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters. | |||
|
2021-11-22 19:14:11 | Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover (lien direct) | CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug. | |||
|
2021-11-19 19:49:31 | Iranians Charged in Cyberattacks Against U.S. 2020 Election (lien direct) | The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation. | Threat | ||
|
2021-11-19 17:39:18 | 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years (lien direct) | Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. | Vulnerability | ||
|
2021-11-19 13:31:28 | California Pizza Kitchen Serves Up Employee SSNs in Data Breach (lien direct) | A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. | Data Breach | ||
|
2021-11-18 21:45:54 | Ransomware Phishing Emails Sneak Through SEGs (lien direct) | The MICROP ransomware spreads via Google Drive and locally stored passwords. | Ransomware | ||
|
2021-11-18 18:49:37 | 3 Top Tools for Defending Against Phishing Attacks (lien direct) | Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it. | |||
|
2021-11-18 16:27:56 | FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months (lien direct) | The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks. | |||
|
2021-11-18 14:00:50 | Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials (lien direct) | Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific 'ephemeral' aspect of the project-management tool to link to SharePoint phishing pages. | Tool Threat | ||
|
2021-11-18 13:59:20 | How to Choose the Right DDoS Protection Solution (lien direct) | Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated. | |||
|
2021-11-17 22:06:26 | Fake Ransomware Infection Hits WordPress Sites (lien direct) | WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester. | Ransomware | ||
|
2021-11-17 21:56:26 | Netflix Bait: Phishers Target Streamers with Fake Service Signups (lien direct) | Lures dressed up to look like movie and TV streaming offers are swiping payment data. | |||
|
2021-11-17 17:04:01 | Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns (lien direct) | Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving. | Threat | ||
|
2021-11-17 13:44:29 | Phishing Scam Aims to Hijack TikTok \'Influencer\' Accounts (lien direct) | Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out. | Threat | ||
|
2021-11-16 22:33:59 | FBI Email Hoaxer ID\'ed by the Guy He Allegedly Loves to Torment (lien direct) | Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI's email system, says it's just one of a string of jabs from a childish but cybercriminally talented tormentor. | |||
|
2021-11-16 21:46:51 | Rooting Malware Is Back for Mobile. Here\'s What to Look Out For. (lien direct) | Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store. | Malware | ||
|
2021-11-16 20:32:16 | 200M Adult Cam Model, User Records Exposed in Stripchat Breach (lien direct) | The leak included model information, chat messages and payment details. | |||
|
2021-11-16 18:29:46 | MosesStaff Locks Up Targets, with No Ransom Demand, No Decryption (lien direct) | A politically motivated group is paralyzing Israeli entities with no financial goal -- and no intention of handing over decryption keys. | |||
|
2021-11-16 13:57:04 | Emotet Resurfaces on the Back of TrickBot After Nearly a Year (lien direct) | Researchers observed what looks like the Emotet botnet – the "world's most dangerous malware" – reborn and distributed by the trojan it used to deliver. | ★★★★ | ||
|
2021-11-15 21:53:21 | The Best Ransomware Response, According to the Data (lien direct) | An analysis of ransomware attack negotiation-data offers best practices. | Ransomware | ||
|
2021-11-15 20:52:27 | High-Severity Intel Processor Bug Exposes Encryption Keys (lien direct) | CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files. | |||
|
2021-11-15 20:10:15 | Cybercriminals Target Alibaba Cloud for Cryptomining, Malware (lien direct) | Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers. | Malware | ||
|
2021-11-15 16:25:52 | FBI Says Its System Was Exploited to Email Fake Cyberattack Alert (lien direct) | The alert was mumbo jumbo, but it was indeed sent from the bureau's email system, from the agency's own internet address. | |||
|
2021-11-13 00:46:28 | Threat from Organized Cybercrime Syndicates Is Rising (lien direct) | Europol reports that criminal groups are undermining the EU's economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation. | |||
|
2021-11-12 23:19:17 | Costco Confirms: A Data Skimmer\'s Been Ripping Off Customers (lien direct) | Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. | |||
|
2021-11-12 20:24:24 | Top 10 Cybersecurity Best Practices to Combat Ransomware (lien direct) | Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile. | Ransomware | ||
|
2021-11-12 19:49:05 | Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix (lien direct) | Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft. | |||
|
2021-11-12 18:05:02 | Mac Zero Day Targets Apple Devices in Hong Kong (lien direct) | Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites. | |||
|
2021-11-12 13:14:44 | Millions of Routers, IoT Devices at Risk from New Open-Source Malware (lien direct) | BotenaGo, written in Google's Golang programming language, can exploit more than 30 different vulnerabilities. | Malware | ||
|
2021-11-11 20:32:39 | Invest in These 3 Key Security Technologies to Fight Ransomware (lien direct) | Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs , discusses secure email, network segmentation and sandboxing for defense. | Ransomware | ||
|
2021-11-11 20:06:21 | Back-to-Back PlayStation 5 Hacks Hit on the Same Day (lien direct) | Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices. | |||
|
2021-11-11 18:48:06 | Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash (lien direct) | A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector. | Threat Guideline | ||
|
2021-11-11 17:54:28 | Congress Mulls Ban on Big Ransom Payouts (lien direct) | A bill introduced this week would regulate ransomware response by the country's critical financial sector. | Ransomware | ||
|
2021-11-11 14:00:04 | Tiny Font Size Fools Email Filters in BEC Phishing (lien direct) | The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials. | |||
|
2021-11-10 18:24:50 | Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access (lien direct) | The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances. | |||
|
2021-11-10 17:00:35 | Massive Zero Day Hole Found in Palo Alto Security Appliances (lien direct) | Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls. | Vulnerability | ||
|
2021-11-10 14:00:26 | New Android Spyware Poses Pegasus-Like Threat (lien direct) | PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps. | Threat |
To see everything:
Our RSS (filtrered)
